
Explore panorama modes for physical and virtual appliances, including panorama mode as a combined management server and log collector, plus log collector mode, management only mode, and virtual legacy mode.
Explore basic versus distributed deployment options for Palo Alto Panorama, choosing a single device for management and log collection in small networks and dedicated log collectors for large enterprises.
Panorama provides centralized management of multiple firewalls from a single interface, enabling software updates, licenses, templates, device groups, user ID data, and consolidated logs and reports.
download eve ng community edition 6.204 from the eve ng site and install on vmware workstation pro, configure hardware, and access via browser.
Upload iol switches to eve-ng via ftp, download and unzip router and switch images from google drive, apply license and permissions, and configure layer2 or layer3 mode.
Upload and organize additional images in eve-ng for your lab, including Windows Server 2019, Pfsense, and Linux clients, then apply the fix permissions.
Export panorama lab topology from professional edition and import into eve-ng community edition to reuse labels, then adjust icons, net adapters, and the management subnet.
Configure pc1–pc4 and the server with static IPs, subnets, and gateways across the lab topology; verify connectivity and centralize management via a Palo Alto firewall and Active Directory.
Configure Active Directory on Windows Server 2019 by adding Active Directory Domain Services, promoting the server to a domain controller for a new forest test.local, and completing installation with restart.
Configure DNS on Windows Server by creating reverse lookup zone, pointer records, and optional host records for Pi one, Pi two, and Panorama, then verify with nslookup.
Create admin and support groups and test users in Active Directory to enable panorama access, then assign SP1, SP2, 81, and 82.
Install and configure a Windows Server 2019 with Active Directory and NTP; install three C daemon as FTP and syslog servers; set up SNMP and Radius, and create admin users.
Configure Panorama general settings in the Panorama Setup Management, including name, domain, login banner, time zone, latitude, language, and serial number, then commit to save changes.
Configure dns and ntp graphically in the panorama gui: set primary and secondary dns, add ntp servers (local and time.google.com), and commit the changes.
Configure DNS and NTP on Palo Alto Panorama via CLI, setting primary and secondary DNS, specifying NTP servers, committing changes, and verifying with show commands.
Identify whether Panorama is physical or virtual and locate the serial number or authorization code via the customer support portal. Register the device and activate licenses online or offline.
Learn how to add firewalls to Panorama in a lab setup, configure Panorama settings, generate an auth key, and commit changes to connect devices and verify licenses.
Learn to use Panorama templates to centralize firewall settings by combining network and devices, push changes to firewalls, and organize templates by location or role.
Plan your Panorama template structure by organizing global, data center, and branch office templates, using template stacks and variables to apply common DNS and NTP settings across seven firewalls.
Discover how template variables let you deploy 200 firewalls by varying inside IP, outside IP, and gateway values, using a CSV import to automate per-firewall settings in the template stack.
Create and organize templates and stacks in palo alto panorama version 11, using global, pi one, pi two templates, then build pa one and pa two stacks and commit to panorama.
Create and manage three variables in a Panorama global template to represent outside, inside, and gateway IPs. Use dollar-sign naming for the variables and commit changes to Panorama.
Configure a global template in Palo Alto Panorama to push DNS, NTP, services, log settings, syslog, admin accounts, interfaces, virtual router, zones, and static routes to multiple firewalls.
Configure firewall two template in Panorama by switching to the PA two template, updating general settings and domain test.local, adjusting the banner, and commit the changes.
Modify template variables for firewalls in Panorama by updating wan and lan interface ip addresses and gateways, using manual overrides in pi stack or csv import, commit to Panorama.
Push template stacks from panorama to two firewalls, pi1 and pi2, by selecting templates, applying force template value, and committing to devices; then verify success with no errors.
Verify template settings pushed from panorama to two firewalls, checking that banners, template stacks, interfaces, zones, DNS and NTP, and admin and syslog configurations are in sync.
Create device groups in Panorama to organize shared policies and objects for multiple firewalls. Push the device group configurations to all member firewalls.
Learn how device group inheritance propagates settings from higher to lower groups in Panorama, reducing policy and object duplication across data centers, regions, and branches.
Pre rules top the security policy order to block bad IPs or allow DNS for users; post rules follow to permit internet access, and the default rule catches unmatched traffic.
In Panorama version 11, create a main device group with a global template, add PA one DG and PA two DG for individual firewalls, then commit the changes.
Create and customize security profiles in Palo Alto Panorama version 11 by cloning antivirus, vulnerability protection, URL filtering, file blocking, and wildfire under the main device group.
configure security policies in panorama for firewalls, add a pre rule to deny known malicious ips and a post rule to allow internet from lan to wan, with session-end logs.
Configure a net rule in Panorama to translate LAN to internet traffic for two firewalls, using dynamic IP and port with the WAN interface variable, and commit changes.
Preview security and net rules in Palo Alto Panorama before pushing to managed firewalls. Verify how Pi one and Pi two firewalls render the rules using preview rule.
Push device and group configurations from Panorama to two firewalls, Pi one and Pi two, force the template, commit, then verify security policies, net rules, and profiles are applied.
Forward logs from two firewalls to Panorama by configuring a log forwarding profile in Panorama mode with a serial number, and meet minimum CPU, RAM, and extra hard drive requirements.
Create a log forwarding profile in Panorama, forwarding traffic, URL, thread, and wildfire logs from the default device group to Panorama for centralized firewall visibility.
Learn how to modify the security rule to use a predefined log forwarding profile named default, attach it to the security policy, and commit the changes in Panorama.
Push the configured log forwarding profile through Panorama to two managed firewalls, selecting the log collector group and applying the settings, then verify the push via the task status.
Explore testing and verification of log forwarding profiles in Panorama. Generate traffic from multiple PCs to verify traffic, thread logs, URL filtering, and file logs are forwarded to Panorama.
Schedule or manually download dynamic updates in Panorama to push antivirus, application, and wildfire updates to managed devices, and to update the Panorama device itself.
push dynamic updates from Panorama to managed firewalls, including antivirus and application and thread updates, using manual uploads or scheduled push across two devices.
Push the latest GlobalProtect client from Panorama to multiple firewalls by uploading from the update server, activating from file, and deploying to managed devices for automated updates.
learn to organize hundreds of palo alto firewalls by country or region with firewall tags in panorama, then push updates, software, or global protect to all devices tagged accordingly.
Learn how to manage dynamic updates for Panorama, including scheduling automatic download and install of antivirus, application and threat, device dictionary, and wildfire signatures, plus manual upload options.
Upgrade Panorama pen OS from 11.1 to 11.11 by downloading, installing, and rebooting the device, then verify the new version via dashboard or CLI.
Schedule panorama config export to an ftp or scp server using panorama, configure ftp credentials, and verify backups from two firewalls plus panorama in a lab setup.
Configure SNMP on Panorama by enabling SNMP on the management interface, setting version 2 or 3, and using the public community; then register Panorama as SNMP server with its IP.
Explore Panorama commit options: commit to Panorama, push to devices, or commit and push, for managing Panorama configurations.
Generate centralized panorama reports, including custom thread reports for the last 24 hours and application and URL category reports for the last seven days.
Course Description:
Unlock the full potential of Palo Alto Networks Panorama, the centralized management solution that streamlines the administration of multiple Palo Alto Networks firewalls, with this in-depth, hands-on course. Designed for cybersecurity professionals, network engineers, and IT administrators, this course offers a thorough understanding of Panorama's key features and functionalities to enhance network security and streamline firewall management.
Through a series of practical labs and real-world examples, you’ll gain practical skills in:
Setting Up and Configuring Panorama: Learn to deploy Panorama in your network, configure it for optimal performance, and manage administrative tasks efficiently.
Device and Template Management: Master the centralized management of firewall devices, apply templates, and understand the power of template stacks for consistent policy enforcement across the network.
Policy Management and Best Practices: Develop policies that meet organizational needs and maintain network integrity. You’ll learn to configure and manage security policies and NAT rules.
Log Collection and Monitoring: Gain insights into effective log collection, log forwarding, and the importance of centralized monitoring for proactive threat management.
Centralized Reporting and Analysis: Create detailed reports, customize dashboards, and leverage Panorama’s monitoring tools for effective security audits and incident response.
Upgrades: Understand Panorama’s upgrade process.
By the end of this course, you’ll be able to confidently manage a multi-firewall environment using Palo Alto Panorama and implement security policies that scale with your organization's needs.
What You’ll Get:
Step-by-Step Practical Labs: Each module includes hands-on labs to build real-world skills.
Topologies and Configurations: Downloadable resources for topology and configurations to practice on your own.
Certification Prep: Prepares you for advanced certifications like Palo Alto Networks Certified Network Security Engineer (PCNSE).
Requirements:
Basic understanding of networking, firewalls, and security principles. Familiarity with Palo Alto Networks firewalls is recommended but not required.
Elevate your career and become an expert in centralized network security management with Palo Alto Panorama.